Cyber attacks can cost firms $1.75tr

Finds a Microsoft study for Asia Pacific

The potential economic loss across the Asia Pacific due to cybersecurity incidents can hit a staggering $1.745 trillion, a study said.

This is more than 7 percent of the region's total gross domestic product of $24.3 trillion, a Frost & Sullivan study commissioned by Microsoft revealed.

The study—Understanding the cybersecurity threat landscape in the Asia Pacific: securing the modern enterprise in a digital world—involved a survey conducted with 1,300 business and IT decision-makers from 13 markets.

The markets are Australia, China, Hong Kong, Indonesia, India, Japan, Korea, Malaysia, New Zealand, the Philippines, Singapore, Taiwan and Thailand, said Microsoft in a statement yesterday.

More than half of the organisations surveyed for the study have either experienced a cybersecurity incident or are not sure if they had one as they have not performed proper forensics or data breach assessment.

As companies embrace the opportunities presented by cloud and mobile computing to connect with customers and optimise operations, they take on new risks, said Eric Lam, director for enterprise cybersecurity group at Microsoft Asia.

“With traditional IT boundaries disappearing, the adversaries now have many new targets to attack. Companies face the risk of significant financial loss, damage to customer satisfaction and market reputation -- as has been made all too clear by recent high-profile breaches.”

A large-sized firm in the Asia Pacific can possibly incur an economic loss of $30 million, more than 300 times higher than the average economic loss for a mid-sized organisation, according to the study.

Cybersecurity attacks have resulted in job losses across different functions in 67 percent of the organisations that have experienced an incident over in last 12 months.

Although the direct losses from cybersecurity breaches are most visible, they are just the tip of the iceberg, said Edison Yu, head of enterprise for Asia Pacific at Frost & Sullivan, a business consulting firm based in Texas.

“There are many other hidden losses that we have to consider from both the indirect and induced perspectives, and the economic loss for organisations suffering from cybersecurity attacks can be often underestimated.”

In addition to financial losses, cybersecurity incidents are also undermining Asia Pacific firms' ability to capture future opportunities in today's digital economy, with one in six respondents stating that their enterprise has put off digital transformation efforts due to the fear of cyber-risks.

Although high-profile cyber attacks, such as ransomware, have been garnering a lot of attention from enterprises, the study found.

The firms in the Asia Pacific that have encountered cybersecurity incidents, fraudulent wire transfer, data corruption, online brand impersonation, and data exfiltration are the biggest concern as they have the highest impact with the slowest recovery time.

The research found despite encountering a cyber attack, only one in four firms consider cybersecurity before the start of a digital transformation project as compared to one in three organisations that have not encountered any cyber attack.

The rest of the firms either think about cybersecurity only after they start on the project or do not consider it at all.

“This limits their ability to conceptualise and deliver a secure-by-design project, potentially leading to insecure products going out into the market.”

The study has shown that 41 percent respondents see cybersecurity strategy only as a means to safeguard the organisation against cyber attacks rather than a strategic business enabler.

A mere 20 percent of companies see cybersecurity strategy as a digital transformation enabler.

According to the report, artificial intelligence (AI) is becoming a potent opponent against cyber attacks as it can detect and act on threat vectors based on data insights.

The study reveals that 75 percent of organisations in the Asia Pacific have either adopted or are looking to adopt an AI approach towards boosting cybersecurity.

“An AI-driven cybersecurity architecture will be more intelligent and be equipped with predictive abilities to allow organisations to fix or strengthen their security posture before problems emerge.”

The study called for positioning cybersecurity as a digital transformation enabler.

It advised to continue investing in strengthening security fundamentals as more than 90 percent of cyber incidents can be averted by maintaining the most basic best practices.